Windows Client Guidance against speculative execution vulnerabilities
-
That's my whole point. The vulnerabilities from Spectre &Meltdown are known by the bad guys (hackers) out there and I am still not completely covered. Unfortunately, there is nothing either you , me or anyone else can do while waiting for a firmware patch.
Isn't there? What if you run as a standard user? Would that help or not?
Doesn't the malware required need authority to run or does any user (including limited ones) have access to see what the butler is doing in the wine cellar (to use the feeble analogy apparently used by every single newspaper on the planet).
And add some layer of protection to your system and your habits (closing browser after visiting sites, that are have important data for you - online mail etc). Using safe software (patched browsers are crucial) and prevent malware to install local.
As far as I know, there is no malware in the wild, which explore these vulnerabilities yet. But it's only question of time.
-
-
Isn't there? What if you run as a standard user? Would that help or not?
Doesn't the malware required need authority to run or does any user (including limited ones) have access to see what the butler is doing in the wine cellar (to use the feeble analogy apparently used by every single newspaper on the planet).
Yes, but at some point or another one will need to use the Admin user account for some specific tasks and for a long period of time depending on what is being done.
-
And add some layer of protection to your system and your habits (closing browser after visiting sites, that are have important data for you - online mail etc). Using safe software (patched browsers are crucial) and prevent malware to install local.
As far as I know, there is no malware in the wild, which explore these vulnerabilities yet. But it's only question of time.
That's the way to go for now and it has always been even before the discovery of Spectre & Meltdown vulnerabilities. Just for kicks, you know that Chrome and some chromium-based browsers like Opera & Vivaldi won't get a fix against them before January 23, 2018, which, I admit, is pretty soon. Until that date, all one can do, is to enable an optional feature "Site Isolation" in order to mitigate the exploitation of these vulnerabilities.
-
That's the way to go for now and it has always been even before the discovery of Spectre & Meltdown vulnerabilities. Just for kicks, you know that Chrome and some chromium-based browsers like Opera & Vivaldi won't get a fix against them before January 23, 2018, which, I admit, is pretty soon. Until that date, all one can do, is to enable an optional feature "Site Isolation" in order to mitigate the exploitation of these vulnerabilities.
-
-
And add some layer of protection to your system and your habits (closing browser after visiting sites, that are have important data for you - online mail etc). Using safe software (patched browsers are crucial) and prevent malware to install local.
As far as I know, there is no malware in the wild, which explore these vulnerabilities yet. But it's only question of time.
There is code at GitHub that will do it
-
Even before the advent of Firefox Quantum, it has always been my favorite browser.
-
Even before the advent of Firefox Quantum, it has always been my favorite browser.
Mine as well been using it since it first came out as Phoenix.
-
There is code at GitHub that will do it
Do you have a referenced link?. I am just curious.!
-
There is code at GitHub that will do it
Do you have a referenced link?. I am just curious.!
if working code is available, be ready for some serious trouble... just question of time and how will bad guys pack it.
-
Do you have a referenced link?. I am just curious.!
I will not post it. Also some guy at MDL wrote some kind of script to activate it. I think that has been posted here.
Quote
